1. Technical Field
This disclosure relates generally to identity management in a networking environment.
2. Background of the Related Art
User-centric identity protocols, such as OpenID, and delegated authorization protocols, such as OAuth 2.0, require users to grant consent to clients (e.g., web sites) that wish to access the user's profile information. This authorization is typically obtained through a web form presented to the user at an identity provider or other authorization server. The form contains information identifying the client, the type of data requested, one or more operations, or other context information that the end user can use to make a consent decision. By completing the form or otherwise providing consent, the user allows subsequent (and automated) access by the client to the user's profile information. In current implementations, however, users must authorize every client individually, as there is no known technique for granting automatic consent to certain clients that, for example, share some commonality with clients the user has already authorized. As such, the authorization requirement is burdensome for the user when accessing sites of a similar nature, particularly where consent decisions are not persisted to long-term storage.
User-Managed Access (UMA) is a draft protocol that defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on resource owner policy. The solution delegates the authorization decision to another system that, in turn, has to validate each client request. The UMA protocol, however, does not define any mechanisms by which policy decisions are authored by the resource owner or made by the access manager.